{{ ansible_managed | comment }}

[Unit]
Description=node_exporter
After=network-online.target

[Service]
Type=simple
Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}"
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/node_exporter \
  --collector.textfile.directory=/var/log/prometheus/ \
  --log.level=info \
  --collector.mountstats \
  --collector.processes \
  --no-collector.hwmon \
  --no-collector.infiniband \
  --no-collector.zfs \
  --web.listen-address=0.0.0.0:9100
CapabilityBoundingSet=CAP_SET_UID
LimitNOFILE=65000
LockPersonality=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
RemoveIPC=true
RestrictSUIDSGID=true

ProtectSystem=full

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target
